# Encrypt directory with --skip-unlock

# => Check dir status
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"
touch: cannot touch 'MNT/dir/file': Required key not available

# => Get policy status via mount:
desc1  No        desc2

# Unlock directory
Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use.

# => Check dir status
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: Yes

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"

# => Get policy status via mount:
desc1  Yes       desc2

# Lock by cycling mount

# => Check dir status
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"
mkdir: cannot create directory 'MNT/dir/subdir': Required key not available

# => Get policy status via mount:
desc1  No        desc2

# Try to unlock with wrong passphrase
[ERROR] fscrypt unlock: incorrect key provided
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"

# Unlock directory
Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use.

# => Check dir status
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
Unlocked: Yes

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"
contents

# => Get policy status via mount:
desc1  Yes       desc2

# Try to unlock with corrupt policy metadata
[ERROR] fscrypt unlock: fscrypt metadata file at
                        "MNT/.fscrypt/policies/desc1"
                        is corrupt: unexpected EOF

# Try to unlock with missing policy metadata
[ERROR] fscrypt unlock: filesystem "MNT" does not contain
                        the policy metadata for "MNT/dir".
                        This directory has either been encrypted with another
                        tool (such as e4crypt), or the file
                        "MNT/.fscrypt/policies/desc20"
                        has been deleted.

# Try to unlock with missing protector metadata
[ERROR] fscrypt unlock: could not load any protectors

You may need to mount a linked filesystem. Run with --verbose for more
information.

# Try to unlock with wrong policy metadata
[ERROR] fscrypt unlock: inconsistent metadata between encrypted directory
                        "MNT/dir1" and its corresponding
                        metadata file
                        "MNT/.fscrypt/policies/desc21".

                        Directory has
                        descriptor:desc21 padding:32
                        contents:AES_256_XTS filenames:AES_256_CTS
                        policy_version:2

                        Metadata file has
                        descriptor:desc23 padding:32
                        contents:AES_256_XTS filenames:AES_256_CTS
                        policy_version:2